Solved

MS ISA  vs.  Esoft's Instagate EX2  or others

Posted on 2002-04-17
Last Modified: 2013-11-16
We have about forty users here and at the moment are only using a DSL router and NAT for protection. We have finally talked the partners into getting a decent firewall. One of our consultants says MS ISA is the way to go. Another says his company has had nothing but trouble with MS ISA and they switched to Esoft's Instagate EX2 and they love it. Easy to set up and manage.

Does anyone have an opinion on this or a suggestion on a better firewall?

We are running W2K Servers, Exchange 5.5 (soon to be Exchange 2000), DSL for internet access.

Our wants are to have the most secure firewall we can get for under $2500 - $3000. We would like to be able to block just a few specific sites.

Thanks for your advice in advance,
Rodney
0
Question by:rodney777
12 Comments
 
LVL 5

Accepted Solution

by:
Mishou earned 100 total points
ID: 6948392
Rodney,

MS ISA is good too. However, you will still be vulnerable to OS problems. That's the reason that I would recommend an appliance.

For that amount of money you can have a firewall appliance. Something like Netscreen 5, WatchGuard (with a plug-in for webfilter).

Or if you want something based on Linux with a nice interface, try Astaro (www.astaro.com), which has web proxy included and VPN capabilities (like the other two mentioned above).


Mishou


0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6948728
I'd second the Netscreens.  They're cheap, fast, easy to manage, and just plain work great.  You might also check out the new CheckPoint SofaWare boxes, or, depending on how small your network is, even something like an SMC Barricade.  All of these are in the sub $1000 range.

HOWEVER, this all depends on what kind of "extras" you want, like the ability to plug in things like anti-virus scanning, content filtering, easy creation of DMZs, and secure connectivity for remote users.

For these things, look at the slightly higher end Netscreens, the low-end Cisco PIXes, and the Intrusion Inc. CheckPoint boxes.

MS ISA server does have these things, but as Mishou pointed out, do you really want to have the only protection of your network be a Windows box?
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6948755
ditto above
ISA is too primitive, not easy to understand, built too cheap, but what do you expect from a SW company?

I dunno on Esoft's Instagate EX2, but see no reason to contradict your source.

Rule of thumb is firewall s/b hardware, and windows is vulnerable, so get that OS behind as many real protections as you can.

Linux is quite common, for going on the cheap.
0
 
LVL 3

Expert Comment

by:erikdr
ID: 6950095
ISA is not bad but SEVERELY limited in more complicated setups. Main hindrance is that they do not support full DeMilitarisedZone handling - filtering can only be put completely on one of the two NIC borders and not on the other. Most competitors, e.g. Checkpoint, CA and Cisco, handle this a lot better - so I suppose ESoft would do as well.

Hope this helps,

<Erik> - The Netherlands
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 6952135
agreed, better to do better
While you await, train staff to quit running EM/'net worms like Klez. Firewalls do not stop the humans
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 6952147
ref: http://www.computerworld.com/storyba/0,4125,NAV47_STO70290,00.html
"New variant of Klez worm detected By JAIKUMAR VIJAYAN (April 18, 2002)
A new variant of a worm that takes advantage of vulnerabilities in unpatched Internet Explorer and Outlook Express software from Microsoft Corp. is spreading in the wild, antivirus vendors warned."
0

 

Author Comment

by:rodney777
ID: 6960398
Thanks for the info everyone.
We were looking at Watchguard's boxes last year and decided on that, but now there seem to be more options and we are just trying to make sure we don't miss something.
I'm looking into Checkpoint and Netscreen to see how they compare to Esoft's Instagate EX2.
0
 
LVL 5

Expert Comment

by:BlackDiamond
ID: 6961303
Another vote for Netscreen here.  My organization runs over 200 appliance firewalls, a combination of Checkpoint, PIX, and Netscreen.  The Netscreens are by far the nicest of the bunch.

If you're getting by with a DSL router right now, then I would say a Netscreen 10 would do just fine (would actually be a much higher performance firewall). You can pick one up for around $1300.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6969854
I vote for Astaro (www.astaro.com) - someone mentioned this was Linux - true enough, but you'd never know it looking at the interface.  It seems to have all the functionality of every appliance I've seen, and is infinitely extensible if you know something about Linux.  I can give you the name of a company that will sell you an Astaro "appliance" as a drop-in solution, if you so desire.

While security through obscurity may not be a great idea, security through diversity is not such a bad thing (although it is arguably a subset of security through obscurity).  For that reason alone, stay away from MS products when choosing your firewall.

-Jon

0
 
LVL 13

Expert Comment

by:hstiles
ID: 7013328
My vote is for the Watchguard Fireboxes.  They're easy/intuitive to use, fast, reliable, powerful and they have a lot of good features, such as VPN support built in (L2TP from firebox, PPTP from a standard Windows machine and upgradeable to L2TP from a client if you use their VPN client, which isn't expensive).

They also feature NT authentication, which although not perfect is better than a lot of other products.  The HTTP Proxy (inc. Web Blocker), FTP Proxy and SMTP Proxy are handy too.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7197217
Another vote on ISA.
A company called Microsoft tried it, and chose an alternative vendor instead.

Case closed. Between the two, one of them is an obvious loser.
0
 
LVL 5

Expert Comment

by:zenlion420
ID: 9709151
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts be awarded to Mishou.
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
0
